Password gets set to empty after password update if you clear the field and click update again #6

Open
ShhmonDai opened this issue Feb 26, 2024 · 2 comments


ShhmonDai commented Feb 26, 2024

On the profile page, when you change your password -> click update, then without refreshing the page clear the password field, change your username or email and click update, the password gets set to empty or "" in the database.

I've recreated the issue in the live blog. You can check the user: [email protected] in the live database to confirm.

On further testing it appears that changing your password -> clicking update -> clearing the password field -> clicking update, results in the same issue.

Edit: You can also set username and email to empty the same way. It appears the database already had users with empty email and password.


IAMAmanRaj commented Mar 18, 2024

Hey, thanks for bringing my attention to it.

I made this project in January and I was taking help from this project in a hackathon which is currently going on.

Oh, so we can't make the form field required, otherwise this would force the user to change the password as well if he/she tries to change the username/email or be it password.
Also, we shouldn't try to retrieve the hashed password on the frontend for security purposes, so if a user loses his/her account by accidentally setting the password to empty, this will be hilarious.

So we can avoid changing the password if it is being set to empty by just this:

```js
const handleChange = (e) => {
  if (e.target.id === 'password' && e.target.value.trim() === '') {
    return;
  }
  setFormData({ ...formData, [e.target.id]: e.target.value }); // for username and pwd
};
```

@ShhmonDai
Author

> Hey, thanks for bringing my attention to it ...

I think there's just an error in the update function in the user controller and the checks there aren't triggering. We do have a length check for password in it for example. I'll take another look at it later, haven't had time to fix it yet.
A temporary fix I had was a check in the submit function but it also forced the user to update an input if they changed the field and then cleared it. A page refresh on update worked too.

And yeah, this made me want to implement a reset password function haha. Future to do goal.

Another heads up: react quill is outdated and won't work on chromium browsers starting ~July if they don't update it. I'll probably switch the project to tinyMCE.
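
The thread above locates the fault in the server-side update function, so here is an added example (not code from this repository or its authors) of one way a controller could build its update so that a cleared form field can never be written to the database as "". The function names, field names, length limits and the injected `hashPassword` callback are assumptions made for illustration.

```javascript
// Added example, not the project's code. Field names, length limits and the
// hashPassword callback are assumptions made for illustration.
const LIMITS = {
  username: { min: 3, max: 20 },
  email: { min: 5, max: 254 },
  password: { min: 6, max: 128 },
};

// Turns a request body into the set of fields to write. Only fields listed in
// LIMITS are ever copied. A field that is missing, empty or whitespace-only is
// treated as "not changed", so a cleared input cannot overwrite a stored value.
function buildUserUpdate(body, hashPassword) {
  const update = {};
  const errors = [];
  for (const [field, { min, max }] of Object.entries(LIMITS)) {
    const raw = body[field];
    if (raw === undefined || raw === null) continue;
    if (typeof raw !== 'string') {
      errors.push(`${field} must be a string`);
      continue;
    }
    if (raw.trim() === '') continue; // cleared input: keep the stored value
    // Passwords are kept exactly as typed; other fields are trimmed.
    const value = field === 'password' ? raw : raw.trim();
    if (value.length < min || value.length > max) {
      errors.push(`${field} must be ${min}-${max} characters`);
      continue;
    }
    update[field] = field === 'password' ? hashPassword(value) : value;
  }
  return errors.length > 0 ? { ok: false, errors } : { ok: true, update };
}

// Replays the sequence from the issue against an in-memory user record
// (constructed data): set a password, then clear the field and update again.
function replayIssue(hashPassword) {
  const user = { username: 'alice', email: 'alice@example.test', password: hashPassword('oldpass1') };
  const requests = [
    { password: 'newpass123' },
    { username: 'alice2', password: '' },
    { username: '', email: '   ', password: '' },
  ];
  for (const body of requests) {
    const result = buildUserUpdate(body, hashPassword);
    if (result.ok) Object.assign(user, result.update);
  }
  return user;
}
```

In a controller, the request body and a real password-hashing function would be passed in, and a result with `ok: false` would be returned to the client as a validation error instead of reaching the database.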
